Agent-oriented network intrusion detection system using data mining approaches Online publication date: Thu, 05-Jul-2007
by Tak-Chung Fu, Chung-Leung Lui
International Journal of Agent-Oriented Software Engineering (IJAOSE), Vol. 1, No. 2, 2007
Abstract: Most of the existing commercial Network Intrusion Detection System (NIDS) products are signature-based but not adaptive. In this paper, an adaptive NIDS using data mining technology is developed. Data mining approaches are used to accurately capture the actual behaviour of network traffic, and the portfolio mined is useful for differentiating 'normal' and 'attack' traffics. On the other hand, most of the current researches use only one engine for detection of various attacks; the proposed system, which is constructed by a number of agents, is totally different in both training and detecting processes. Each of the agents has its own strength in capturing a kind of network behaviour and hence the system has strength in detecting different types of attack. In addition, its ability in detecting new types of attack and its higher tolerance to fluctuations were shown. The experimental results showed that the frequent patterns mined from the audit data could be used as reliable agents, which outperformed the traditional signature-based NIDS.
Existing subscribers:
Go to Inderscience Online Journals to access the Full Text of this article.
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Agent-Oriented Software Engineering (IJAOSE):
Login with your Inderscience username and password:
Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.
If you still need assistance, please email subs@inderscience.com